By Sarah Pridgeon
An unidentified account by the name of “admin” has allegedly granted permissions that give both itself and other users access to county residents’ personal information stored within courthouse servers, including social security numbers and payroll data. This was brought to the attention of the county commissioners on Tuesday after a series of events led to its discovery.
The issue is associated with software shared by the County Clerk’s Office and the County Treasurer’s Office. It cannot be accessed by any other person aside from IT support and the software developers.
Through this software, it is possible to give a user full access that allows them to change, create and delete records such as vehicle titles. Alternatively, a user can be given read-only access, allowing them to see data but make no changes to it.
County Clerk Linda Fritz reported that the issue came to light following a complaint from County Treasurer Mary Kuhl that Fritz had given her office access to vehicle registration data. Kuhl’s complaint states that this is a “security violation”.
Fritz confirmed that she did grant herself read-only access to find information on behalf of customers registering vehicle titles. The intention is to streamline and improve the experience, she said, rather than send customers back and forth between counters.
According to an informational letter Fritz submitted to the commissioners, this prompted her to begin a review of permissions. She found a total of six users associated with the Treasurer’s Office that have full access to motor vehicles, with permissions granted at various times between 2006 and 2018, including the mysterious “admin”, whose most recent permissions were granted on March 5.
“This gives them the ability to create, edit, delete and duplicate motor vehicle titles,” Fritz stated.
“With this knowledge, it is impossible for me to guarantee the accuracy of any titles, as another office has had the ability to alter them going back as far as 2006.”
According to Fritz, the software developer, Tyler Tech, informed her that they do not own the “admin” user name and that it must be a local user in the courthouse. The most recent change took place after the contract with the county’s previous IT support technician ended, apparently ruling him out also.
“Admin” also appears to have granted themselves numerous levels of permission, Fritz claimed. While she, as county clerk, operates with just six levels, “admin” has granted itself a total of 76.
“Who is the user “admin”?” Fritz questioned. “Not Tyler Tech, not [new IT support] Pro River Tech, not [our previous IT tech] and not me.”
Continuing her investigation, Fritz reported to the commissioners that she attempted to check a second software program shared by the two offices and found that someone had changed her password. Tyler Tech denied making the change and Fritz noted that only she and Kuhl have administrative access.
Fritz attempted to check the access logs but found they have been deleted between June 1, 2017 and February 2, 2018, making it impossible to tell who had made the password change.
“The first person [after that] to access the security module was Mary at 8:54 a.m. on February 23,” said Fritz’s report.
“Aside from the major issue of my password being changed by someone other than myself, the deletion of access logs removes the only trail of a user’s transactions within the software. This is destruction of government records,” Fritz stated in the letter.
Fritz also noted that the County Treasurer has had full access as a payroll clerk since fiscal year 2009-2010 and that previous County Clerk Connie Tschetter confirmed this was not her doing. This gives access to dates of birth and social security numbers of current and past employees and their dependents, which Fritz stated is protected by federal law.
Fritz told the commissioners she has no issue with read-only access to vehicle titles, but opposes anyone outside her office being able to access payroll records. She asked that the server be moved from the Treasurer’s Office into the computer room soon to be constructed.
It did not prove possible to identify “admin” during the meeting as no attendee admitted to owning the username. Fritz denied it belongs to her and repeated that it does not appear to belong to IT support or the software developers; Kuhl claimed that both she and her deputy treasurer have attempted to log in as the “admin” user and could not.
Fritz listed the dates of permission changes associated with users that erroneously have full access to vehicle titles, including Kuhl herself.
“That would have been when we were building the tax counter and motor vehicle counter users,” said Kuhl after hearing the list. Fritz reiterated that those users were given full access, not read-only.
Regarding her permissions as a payroll clerk, Kuhl said, “the only reason we have access to payroll” is to print warrants. She expressed that she has no issue with clearing up permissions and understands that full access is not necessary in the highlighted cases.
“I agree that we probably have users out there that need to be cleaned up, it’s just not been a priority,” she said.
Is Read-Only Access OK?
“I have a question about why you gave yourself access to registration data in July,” said Kuhl.
Fritz explained that her office had had read-only access for ten years until 2009, when there was a dispute between the two offices.
“We came in the next day and it was shut off,” she said.
Kuhl stated that, according to the Driver’s Protection Act, her office is responsible for those records and it is not legal for others to access it. Fritz responded that whatever rule applies to registrations is therefore true for vehicle titles, which fall under the same act – if Kuhl is correct in thinking Fritz is in the wrong, then she has been knowingly breaking the same rule herself.
Speaking later, Fritz pointed out that registration renewal postcards are sent out from the Treasurer’s Office with driver and vehicle information on them, which would surely be violating the same rule.
“Your data is no more private than my data,” Fritz says.
Kuhl disputed this, saying she does see a little bit of a difference between the two; however, County Attorney Joe Baron confirmed that the question is moot as government agencies carrying out their normal functions are exempt from the provisions of the act.
Kuhl stated that, in that case, she doesn’t have an issue with the data being viewed, but should there not be a record of who has done so? Baron responded that this is the function of the security log.
Unfortunately, said Jon Iglehart, Pro River Tech, someone with admin access deleted a chunk of that security log recently.
“Someone changed [Fritz’s] password and then covered their tracks,” he said.
That problem will need to be fixed in the future, said Baron. Iglehart stressed that he will be bringing up with Tyler Tech that it should under no circumstances be possible to delete those log files.
Fixing the Problem
The county commissioners agreed that, no matter who “admin” is, the important first step is to prevent unauthorized access as quickly as possible.
“That needs to stop, because it’s got an awful lot of power,” said Commissioner Jeanne Whalen.
County Attorney Joe Baron requested a list of all users in the system, the access they require to perform their jobs and the reasons why they need that access. Discussion was also held over giving authority over creating and changing account permissions to a third party, with the suggestion being made that Tyler Tech take that role.
“Tyler Tech is not going to take the authority for this – they want to be removed from it 110 percent. They want to put the onus of responsibility on the county and your departments,” said Jon Iglehart, Pro River Tech.
“This is where Pro River can really come in and help. As long as we know who’s allowed to make what decisions for which modules, that’s all we need to know and we can be the guard, guarding the door.”
Iglehart cautioned against making knee-jerk decisions and suggested a third party audit of who has access to what and building procedures for the county. Fritz requested that full access to vehicle titles be reduced to read-only immediately, “as it should be”.
“Sometimes it’s smart to slow your play down,” said Iglehart, advising that the suggested safety precautions and critical work be performed now, followed by an educated approach to preventing such a situation from arising again.